CLAIM AMENDMENTS
This listing of claims replaces all prior versions and listings of claims in the 
application. 

Listing of the Claims: 

1. (Currently Amended) A method of determining rules to be applied to a data 
packet arriving at a first interface within a data packet router, comprising the steps 
of: 

associating at least two sets of rules with the first interface, at least one of
the sets of rules being a shared set of rules also associated with a second interface,
wherein Ternary Content Addressable Memory (TCAM) storage space is saved by
storing the shared set of rules in a first Access Control List (ACL);

storing a set of rules specific to only the first interface in a second ACL;

determining a key of the data packet;

searching both the first ACL and the second ACL to determine at least one rule
matching the key; and

applying an action associated with the key-matching rule to the data packet.

2. (Original) The method of claim 1 wherein the step of associating at least two
sets of rules with the first interface includes associating at least one set of rules 
with the first interface alone. 

3. (Original) The method of claim 1 wherein the data packet is an internet 
protocol (IP) packet, wherein the interface is located within a router, and wherein 
the step of associating at least two sets of rules with the first interface comprises 
associating at least two access control lists (ACLs) with the first interface. 

4. (Original) The method of claim 3 wherein each rule has an associated action, 
each associated action being one of packet denial, packet allowance, packet
counting, and packet copying. 

5. (Original) The method of claim 3 wherein the key is determined from 
information contained within a header of the IP packet. 

6. (Original) The method of claim 5 wherein the information from which the
key is determined includes at least one of an IP source address, an IP destination
address, a protocol number, a Transmission Control Protocol/User Datagram
Protocol (TCP/UDP) source port, a TCP/UDP destination port, and an Internet
Control Message Protocol code.

Application No: 10/679,288
Attorney's Docket No: ALC 3089

7. (Previously Presented) The method of claim 1 wherein the step of searching 
the at least two sets of rules comprises the steps of: 

determining a priority order for the at least two sets of rules; and 
searching for a rule matching the key in the at least two sets of rules in an 
order matching the priority order. 

8. (Currently Amended) A method of providing security in a data packet router 
at which a data packet arrives at a first interface, comprising the steps of: 

associating at least two sets of rules with the first interface, at least one of 
the sets of rules being a shared set of rules also associated with a second interface, 
each rule in the at least two sets of rules having an associated action, wherein
Ternary Content Addressable Memory (TCAM) storage space is saved by storing the
shared set of rules in a first Access Control List (ACL);

storing a set of rules specific to only the first interface in a second ACL;

determining a key of the data packet;

searching both the first ACL and the second ACL for at least one rule matching
the key; and

when at least one rule matching the key is found, applying the action
associated with each of the key-matching rule to the data packet.

9. (Original) The method of claim 8 wherein the step of associating at least two 
sets of rules with the first interface includes associating at least one set of rules 
with the first interface alone. 

10. (Original) The method of claim 8 wherein the data packet is an internet 
protocol (IP) packet, wherein the interface is located within a router, and wherein 
the step of associating at least two sets of rules with the first interface comprises 
associating at least two access control lists (ACLs) with the first interface. 

11. (Original) The method of claim 10 wherein each associated action is one of 
packet denial, packet allowance, packet counting, and packet copying. 

12. (Original) The method of claim 10 wherein the key is determined from
information contained within a header of the IP packet.

13. (Original) The method of claim 12 wherein the information from which the 
key is determined includes at least one of an IP source address, an IP destination 
address, a protocol number, a Transmission Control Protocol/User Datagram
Protocol (TCP/UDP) source port, a TCP/UDP destination port, and an Internet
Control Message Protocol code.

14. (Previously Presented) The method of claim 8 wherein the step of searching
the at least two sets of rules comprises the steps of:

determining a priority order for the at least two sets of rules; and
searching for a rule matching the key in the at least two sets of rules in an
order matching the priority order.

15. (Currently Amended) A line card comprising:

a first interface;

a second interface;

a first set of rules specific to only the first interface;

a second set of rules shared by the first interface and
the second interface; wherein Ternary Content Addressable Memory (TCAM)
storage space is saved by storing the second set of rules in a first Access Control
List (ACL) and by storing the first set of rules in a second ACL;

means for searching both the first ACL and the second ACL to determine at
least one rule applicable to individual data packets arriving at the first
interface; and

applying an action associated with the at least one rule to the data packets.

16. (Original) The line card of claim 15 wherein the first set of rules and the 
second set of rules are Access Control Lists (ACLs). 

17. (Original) The line card of claim 15 wherein the first set of rules is associated 
with only the first interface. 

18. (Previously Presented) The line card of claim 17 further comprising: 
a third interface; and 

a third set of rules associated with the first interface and with the second 
interface; and wherein the means for searching for at least one rule specific to 
individual data packets arriving at the first interface further comprises searching 
the third set of rules for such a rule. 

19. (Original) The line card of claim 15 further comprising 
means for associating the first set of rules and the second set of rules to the
first interface according to a priority order, and 

wherein the means for searching for a rule comprises searching the first set 
of rules and the second set of rules in the order specified by the priority order. 

20. (Original) A packet switch comprising the line card of claim 15. 

21. (Currently Amended) A computer-readable medium including instructions 
for providing security in a data packet router at which a data packet arrives at a 
first interface, comprising: 

instructions for associating at least two sets of rules with the first interface, 
at least one of the sets of rules being a shared set of rules also associated with a 
second interface, each rule in the at least two sets of rules having an associated
action, wherein Ternary Content Addressable Memory (TCAM) storage space is
saved by storing the shared set of rules in a first Access Control List (ACL) and by
storing a set of rules specific to the first interface in a second ACL;

instructions for determining a key of the data packet;

instructions for searching both the first ACL and
the second ACL for at least one rule matching the key; and

instructions for applying the action associated with each of the at least one
rule to the data packet, when at least one rule matching the key is found.
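
Added illustration, not part of the filing: a Python model of the lookup the claims describe, with one shared ACL stored once and bound to two interfaces alongside an interface-specific ACL, searched in priority order. The interface and ACL names, rule values, first-match semantics, the "no-match" result and the use of dictionaries in place of TCAM are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: str                 # source prefix; 0.0.0.0/0 is a full wildcard
    proto: Optional[int]     # None means "don't care" (ternary wildcard)
    dport: Optional[int]
    action: str              # deny / allow / count / copy (claims 4 and 11)

    def matches(self, key):
        src, proto, dport = key
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and self.proto in (None, proto)
                and self.dport in (None, dport))

# Constructed sample rules: each ACL is stored exactly once.
ACLS = {
    "shared":   [Rule("0.0.0.0/0", 6, 23, "deny"),
                 Rule("10.0.0.0/8", None, None, "allow")],
    "if1-only": [Rule("10.1.0.0/16", 6, 22, "count")],
    "if2-only": [Rule("10.2.0.0/16", 17, 53, "copy")],
}
# Per-interface bindings, listed in priority order (claims 7, 14, 19).
BINDINGS = {"if1": ["if1-only", "shared"], "if2": ["if2-only", "shared"]}

def packet_key(header):
    """Build the key from header fields (a subset of those in claims 6 and 13)."""
    return (header["src"], header["proto"], header["dport"])

def lookup(interface, key, acls=ACLS, bindings=BINDINGS):
    """Search every ACL bound to the interface; first match wins (assumption)."""
    for acl_name in bindings[interface]:
        for rule in acls[acl_name]:
            if rule.matches(key):
                return acl_name, rule.action
    return None, "no-match"

def tcam_entries(shared, acls=ACLS, bindings=BINDINGS):
    """Entries needed when shared ACLs are stored once vs. copied per interface."""
    if shared:
        used = {name for names in bindings.values() for name in names}
        return sum(len(acls[name]) for name in used)
    return sum(len(acls[name]) for names in bindings.values() for name in names)
```

With these sample rules, storing the shared ACL once needs 4 entries, against 6 when it is copied into each interface's list.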



